What Is Claimed Is: 



1. A method for managing security policies in a distributed
computing system, wherein security policies determine access rights to a
computer application, the method comprising:

creating a plurality of security policies, wherein each security policy
specifies a level of security for the distributed computing system;

distributing the plurality of security policies to each computer in the
distributed computing system;

selecting a specific security policy from the plurality of security policies
for use across the distributed computing system; and

informing each computer in the distributed computing system to use the
specific security policy.

2. The method of claim 1, wherein the level of security includes a
specific security posture.

3. The method of claim 1, further comprising using secure
communications for distributing the plurality of security policies to each computer
in the distributed computing system.

4. The method of claim 1, further comprising signing each security
policy in the plurality of security policies with a cryptographic signature to allow
detection of unauthorized changes.

5. The method of claim 1, further comprising distributing the plurality
of security policies from a computer in the distributed computing system to a
subordinate computer.



6. The method of claim 1, wherein selecting the specific security
policy for use includes selecting the specific security policy based on a security
posture.



7. The method of claim 6, wherein informing each computer in the
distributed computing system to use the specific security policy includes using
secure communications for distributing the security posture indicator to each
computer in the distributed computing system.



8. The method of claim 1, wherein the plurality of security policies
includes a default security policy, wherein the default security policy is selected
by a computer within the distributed computing system if the specific security
policy is defective on that host.



9. A computer-readable storage medium storing instructions that
when executed by a computer cause the computer to perform a method for
managing security policies in a distributed computing system, wherein security
policies determine access rights to a computer application, the method
comprising:

creating a plurality of security policies, wherein each security policy
specifies a level of security for the distributed computing system;

distributing the plurality of security policies to each computer in the
distributed computing system;

selecting a specific security policy from the plurality of security policies
for use across the distributed computing system; and

informing each computer in the distributed computing system to use the
specific security policy.

10. The computer-readable storage medium of claim 9, wherein the 
level of security includes a specific security posture. 

11. The computer-readable storage medium of claim 9, wherein the
method further comprises using secure communications for distributing the
plurality of security policies to each computer in the distributed computing
system.

12. The computer-readable storage medium of claim 9, wherein the 
method further comprises signing each security policy in the plurality of security 
policies with a cryptographic signature to allow detection of unauthorized 
changes. 

13. The computer-readable storage medium of claim 9, wherein the 
method further comprises distributing the plurality of security policies from a 
computer in the distributed computing system to a subordinate computer. 

14. The computer-readable storage medium of claim 9, wherein
selecting the specific security policy for use includes selecting the specific
security policy based on a security posture.

15. The computer-readable storage medium of claim 14, wherein
informing each computer in the distributed computing system to use the specific
security policy includes using secure communications for distributing the security
posture to each computer in the distributed computing system.

16. The computer-readable storage medium of claim 9, wherein the
plurality of security policies includes a default security policy, wherein the default
security policy is selected by a computer within the distributed computing system
if the specific security policy is defective on that host.

17. An apparatus that facilitates managing security policies in a
distributed computing system, wherein security policies determine access rights to
a computer application, the apparatus comprising:

a creating mechanism configured to create a plurality of security policies,
wherein each security policy specifies a level of security for the distributed
computing system;

a distributing mechanism configured to distribute the plurality of security
policies to each computer in the distributed computing system;

a selecting mechanism configured to select a specific security policy from
the plurality of security policies for use across the distributed computing system;
and

an informing mechanism configured to inform each computer in the
distributed computing system to use the specific security policy.

18. The apparatus of claim 17, wherein the level of security includes a
specific security posture.

19. The apparatus of claim 17, further comprising a secure
communications mechanism that is configured to distribute the plurality of
security policies to each computer in the distributed computing system.



20. The apparatus of claim 17, further comprising a signing
mechanism that is configured to sign each security policy in the plurality of
security policies with a cryptographic signature to allow detection of unauthorized
changes.



21. The apparatus of claim 17, wherein the distributing mechanism is
further configured to distribute the plurality of security policies from a computer
in the distributed computing system to a subordinate computer.

22. The apparatus of claim 17, wherein the selecting mechanism
includes a policy selecting mechanism that is configured to select the specific
security policy based on the security posture.

23. The apparatus of claim 22, wherein the informing mechanism
includes a secure communications mechanism for distributing the security posture
to each computer in the distributed computing system.

24. The apparatus of claim 17, wherein the plurality of security
policies includes a default security policy, wherein the default security policy is
selected by a computer within the distributed computing system if the specific
security policy is defective on that host.
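
The following is an added illustration, not part of the claims or of any implementation by the applicant: a host-side sketch of the signing, posture-based selection and default fallback recited in claims 4, 6 and 8. It assumes a JSON policy format, posture names, a shared key and function names that are all hypothetical, and it uses HMAC-SHA256 as a stand-in for the cryptographic signature so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key; HMAC-SHA256 stands in for the claimed "cryptographic
# signature" so the example needs no third-party library.
SIGNING_KEY = b"constructed-demo-key"

def sign_policy(policy: dict, key: bytes = SIGNING_KEY) -> dict:
    """Authoring side: serialize canonically and attach an authentication tag."""
    body = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "sig": tag}

def verify_policy(envelope: dict, key: bytes = SIGNING_KEY):
    """Host side: return the parsed policy, or None if it is defective."""
    try:
        body = envelope["body"].encode()
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(envelope["sig"])):
            return None  # unauthorized change detected
        policy = json.loads(body)
        # Hypothetical schema check: a usable policy lists the allowed roles.
        return policy if isinstance(policy.get("allow"), list) else None
    except (KeyError, ValueError, AttributeError, TypeError):
        return None

def select_policy(store: dict, posture: str, default: str = "default"):
    """Pick the policy for the announced posture; fall back to the default."""
    policy = verify_policy(store.get(posture, {}))
    if policy is not None:
        return posture, policy
    fallback = verify_policy(store.get(default, {}))
    if fallback is None:
        raise RuntimeError("no valid policy available; deny all access")
    return default, fallback

def build_store() -> dict:
    """Constructed sample: the full policy set as distributed to every host."""
    return {
        "default": sign_policy({"allow": ["admin"]}),
        "normal": sign_policy({"allow": ["admin", "staff", "guest"]}),
        "elevated": sign_policy({"allow": ["admin", "staff"]}),
    }
```

Because every host already holds the full signed set, only the short posture indicator has to be sent to switch policies, and a host whose copy of the selected policy fails verification drops to the default policy instead of applying the altered one.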